Description

WordPress Plugin WordPress Poll is prone to multiple SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WordPress Poll version 34.04 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 35.0 or latest

References

http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html

http://packetstormsecurity.com/files/119736/Cardoza-WordPress-Poll-34.05-SQL-Injection.html

http://seclists.org/bugtraq/2013/Jan/86

http://www.securityfocus.com/archive/1/525370

http://secunia.com/advisories/51942/

Related Vulnerabilities

Microsoft SQL Server CVE-2023-21705 Vulnerability (CVE-2023-21705)

WordPress Plugin WP User Manager-User Profile Builder & Membership Security Bypass (2.6.2)

WordPress Plugin Media File Renamer-Auto & Manual Rename Cross-Site Request Forgery (5.2.5)

WordPress Plugin Adminimize 'page' Parameter Cross-Site Scripting (1.7.21)

Oracle JRE CVE-2019-2962 Vulnerability (CVE-2019-2962)

Severity

High

Classification

CVE-2013-1400 CVE-2013-1401 CWE-89 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass SQL Injection